1. Scope of This Statement
Campaign Operations Playbook for Confluence is designed as a low-permission, copy-only Confluence template library. The current app version does not operate an external backend, does not request Confluence write scopes, and does not store customer content outside Atlassian systems.
The general InfraFastlane website privacy policy covers visits to the InfraFastlane website and related website services. This page covers the current Marketplace app runtime and the way the app is intended to handle customer data.
2. Product Security Model
The app provides structured campaign operations templates inside Confluence. Users can browse, search, preview, and copy template content for use in their own Confluence pages.
The current version does not automatically create, edit, delete, read, export, or analyze customer Confluence pages.
3. Data Handling
| Area | Current behavior |
|---|---|
| Customer content storage | The app does not store customer content outside Atlassian systems. |
| External backend | The current app version does not use an external backend service. |
| External data egress | The current app version does not declare external remotes or external egress. |
| End-user data logs | The current app version is designed not to log End-User Data. |
| Website privacy policy | The InfraFastlane website privacy policy is separate and applies to the website, support contact routes, and other website services outside the app runtime. |
| Personal access tokens | The app does not require users to provide Atlassian Personal Access Tokens, passwords, or shared secrets. |
4. Permissions
The current Forge app is intentionally scoped with no Confluence read or write permissions. This matches the current copy-only product behavior and reduces risk for customer Confluence spaces.
Future product versions may add additional functionality only where the required permissions are clearly justified, documented, and reflected in the Marketplace listing and privacy/security policy.
5. Security Contact
Security issues can be reported through the InfraFastlane support page:
Please include the product name, a clear description of the issue, steps to reproduce, affected URLs or app areas, and any relevant screenshots or technical details.
Do not include passwords, API tokens, private customer content, or other secrets unless specifically requested through an approved support channel.
6. Vulnerability Handling
Security reports are reviewed during standard support hours. We prioritize issues based on severity, exploitability, customer impact, and whether customer data or app availability may be affected.
If a confirmed security issue affects customers, we will take reasonable steps to remediate the issue, communicate where appropriate, and follow applicable Atlassian Marketplace requirements.
7. Dependencies and Updates
The app and supporting build process are reviewed before Marketplace submission. Dependency changes, permission changes, external service additions, and data handling changes should be reviewed before release.
Security-relevant updates may be released where needed to maintain product safety, Atlassian compatibility, or Marketplace compliance.
8. Compliance and Certifications
InfraFastlane does not currently claim external security certifications for Campaign Operations Playbook for Confluence.
The app is designed to minimize data exposure and permissions, but customers remain responsible for evaluating whether the product fits their own legal, privacy, security, procurement, and compliance requirements.
9. Related Pages
- Support: https://infrafastlane.dev/support/
- General Website Privacy Policy: https://infrafastlane.dev/privacy-policy/
- Security Bug Fix Policy: https://infrafastlane.dev/security-bug-fix-policy/
- Security Incident Communication: https://infrafastlane.dev/security-incident-communication/
- Vulnerability Notification: https://infrafastlane.dev/vulnerability-notification/
- Service Level Agreement: https://infrafastlane.dev/sla/
- End User Terms: https://infrafastlane.dev/terms/